
Adobe AEM’s Debug Doorway: Critical RCE Under Active Exploitation


The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw affecting Adobe Experience Manager (AEM) to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation. The vulnerability, CVE-2025-54253, has a CVSS score of 10.0, representing maximum severity.

Vulnerability Details

CVE-2025-54253 is a misconfiguration bug that could lead to arbitrary code execution.

The flaw chains an authentication bypass with remote code execution through Struts2 devmode. The exposed /adminui/debug servlet evaluates user-supplied OGNL expressions as Java code without authentication or input validation, so a single crafted HTTP request is enough to run arbitrary system commands.
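Because the weakness is an exposed debug endpoint rather than a subtle parsing bug, the most useful first check for a defender is whether anything has been reaching that path at all. The script below is an added example, not code from the advisory, Adobe or CISA: it parses web-server access logs in the common "combined" format (an assumption; adjust the regex for AEM's own request.log layout), normalises each request path (URL-decoding, duplicate slashes, case) and flags every request to /adminui/debug, the servlet named above, regardless of its parameters. The log lines are constructed for the example and use documentation IP ranges.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote

# Apache/NGINX "combined" access-log format (assumed; adapt to your log source).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# The debug servlet path named in the advisory. On a production AEM Forms host
# any request to it is worth an alert, whatever the query string contains.
DEBUG_PATH_PREFIXES = ("/adminui/debug",)


def parse_line(line):
    """Return a dict of fields for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    # Decode %xx escapes so encoded variants of the path still match.
    rec["path"] = unquote(parts.path)
    rec["query"] = unquote(parts.query)
    return rec


def is_debug_servlet_request(rec):
    """True if the normalised request path points at the debug servlet."""
    # Collapse duplicate slashes and lower-case the path. Servlet matching on
    # the JEE side is case-sensitive, but for detection we deliberately match
    # loosely so that probing attempts with odd casing are surfaced too.
    path = re.sub(r"/+", "/", rec["path"]).lower()
    return any(path.startswith(p) for p in DEBUG_PATH_PREFIXES)


def find_debug_hits(lines):
    """Return the parsed records of all requests that hit the debug servlet."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_debug_servlet_request(rec):
            hits.append(rec)
    return hits


def summarise(hits):
    """Count hits per source IP and per HTTP status for quick triage."""
    return {
        "by_ip": Counter(h["ip"] for h in hits),
        "by_status": Counter(h["status"] for h in hits),
    }


# Constructed sample log lines (not real traffic). Lines 2-4 touch the debug
# servlet: plain, mixed-case, and percent-encoded with a doubled slash.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2025:09:12:01 +0000] "GET /content/forms/af/demo.html HTTP/1.1" 200 5123',
    '203.0.113.7 - - [10/Oct/2025:09:12:03 +0000] "GET /adminui/debug?debug=1 HTTP/1.1" 200 874',
    '198.51.100.4 - - [10/Oct/2025:09:13:45 +0000] "POST /AdminUI/Debug HTTP/1.1" 200 1201',
    '198.51.100.4 - - [10/Oct/2025:09:13:47 +0000] "GET /%61dminui//debug?x=1 HTTP/1.1" 403 0',
    '192.0.2.9 - - [10/Oct/2025:09:15:00 +0000] "GET /lc/content/login.html HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    hits = find_debug_hits(SAMPLE_LOG)
    print(f"{len(hits)} request(s) to the debug servlet")
    for h in hits:
        print(f'  {h["ts"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["status"]}')
    print(summarise(hits))
```

A 200 response on this path is the signal that matters most: it means the servlet answered, so the host should be treated as exposed until the Adobe fix is confirmed installed. Requests that were blocked upstream (403 or 404) still show who is probing for it.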

Affected Products

The vulnerability affects Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier.

Impact & Exploit Potential

This flaw, as noted by CISA, is already being exploited in the wild. Successful exploitation of CVE-2025-54253 could result in arbitrary code execution, potentially allowing attackers to gain full control of the affected system.

Tactics, Techniques, and Procedures (TTPs)

  • TA0001 – Initial Access: Exploit a public-facing application to gain initial access to the system.
  • TA0005 – Execution: Execute arbitrary commands on the server via the exposed debug servlet.
  • T1190 – Exploit Public-Facing Application: Leverage the AEM vulnerability to compromise the system.
  • T1203 – Exploitation for Client Execution: Exploit the vulnerability to execute code on the client side.

Mitigation & Recommendations

Adobe addressed the vulnerability in version 6.5.0-0108, released in early August 2025. CISA advises Federal Civilian Executive Branch (FCEB) agencies to apply the necessary fixes by November 5, 2025.


Instantly Fix Risks with Saner Patch Management

Saner patch management is continuous, automated, and integrated patching software that instantly fixes risks exploited in the wild. It supports major operating systems such as Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.